(fix) Add missing S3 perms for CustomControlTowerCodePipelineRole to allow source fetch

n0ct1s-k8sh · Francisco Tomas Olivo Leon · commit b1e2e714c9a1 · 2025-09-29T14:08:33.000+02:00
diff --git a/customizations-for-aws-control-tower.template b/customizations-for-aws-control-tower.template
@@ -478,6 +478,9 @@ Resources:
                   - s3:PutObject
                   - s3:GetObject
                   - s3:GetObjectVersion
+                  - s3:GetObjectVersionTagging
+                  - s3:ListBucket
+                  - s3:PutObjectTagging
                 Resource:
                   - !Sub arn:${AWS::Partition}:s3:::${CustomControlTowerPipelineArtifactS3Bucket}/*
                   - !Sub arn:${AWS::Partition}:s3:::${CustomControlTowerPipelineS3Bucket}/*
